-
# TODOS
- [ ] any existing work we should investigate
- [ ] mock-ups of existing algorithms
- [ ] how do loops work?
- [ ] do we need conditionals?
# GOALS
- Code generation reflects written c…
-
```yaml
{
"id": 102,
"title": "RVD#102: OTA OpenSSH version vulnerable to user enumeration attacks",
"type": "vulnerability",
"description": "The OpenSSH server version 7.6p1 is vulner…
-
So .. Arachni cannot find my login form - do you have any ideas?
I've tried with these parameters:
Username
Password
and
ctl00_bodyArea_Login1_UserName
ctl00_bodyArea_Login1_Password
``…
-
- Some protocols send a secret key over the wire.
- When reading from a socket with cqueues, the result is currently pushed as a string.
- In Lua, strings are interned, which means that depending on i…
-
Just some sharing of this paper: https://arxiv.org/abs/1702.06764 "Loophole: Timing Attacks on Shared Event Loops in Chrome".
What I find particularly interesting is that, besides the 'script event…
-
This is just an issue to collect some brainstorming on how we want this to work. In particular, I'd love to design it to be more interactive. Here's what I'm thinking:
Hammersport matches could be re…
-
_(discussed at TPAC 2016; rough notes and summary of discussed ideas below)_
Read [Hero Element Timing API](https://docs.google.com/document/d/1yRYfYR1DnHtgwC4HRR04ipVVhT1h5gkI6yPmKCgJkyQ/edit) doc f…
-
In the function 'base64_decode',
////////////////////////
char \* str = new char[ret.size()];
strcpy(str, ret.c_str());
///////////////////////
the strcpy is very dangerous, the alloc m…
-
```
A persistent window/tab that remembers your settings/lists/etc will allow a tester to
retry different tests faster.
You should be able to reopen the fuzzer to tweak settings e.g change injection …
-
Reusing OHTTP for STAR is convenient, but it creates two unnecessary weaknesses:
1. A malicious aggregator who can monitor the relay's network traffic can likely identify the source IP of individual …